CD2H gitForager

zapier/ansible-openvpn_as

Name: ansible-openvpn_as

Owner: Zapier

Description: Ansible OpenVPN Access Server role

Forked from: kbrebanov/ansible-openvpn_as

Created: 2017-09-08 22:48:04.0

Updated: 2017-03-08 06:34:03.0

Pushed: 2017-09-08 22:54:21.0

Homepage: null

Size: 22

Language: null

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

openvpn_as

Installs and configures OpenVPN Access Server

Requirements

This role requires Ansible 1.9 or higher.

Role Variables

| Name |:————— | openvpn_as_version | openvpn_as_ubuntu_trusty_sha256sum | openvpn_as_ubuntu_xenial_sha256sum | openvpn_as_password | openvpn_as_admin_ui_https_ip_address | openvpn_as_admin_ui_https_port | openvpn_as_connect | openvpn_as_cs_admin_only | openvpn_as_cs_auto_generate | openvpn_as_cs_cws_ui_offer_android | openvpn_as_cs_cws_ui_offer_autologin | openvpn_as_cs_cws_ui_offer_ios | openvpn_as_cs_cws_ui_offer_linux | openvpn_as_cs_cws_ui_offer_mac | openvpn_as_cs_cws_ui_offer_server_locked | openvpn_as_cs_cws_ui_offer_user_locked | openvpn_as_cs_cws_ui_offer_win | openvpn_as_cs_https_ip_address | openvpn_as_cs_https_port | openvpn_as_cs_ssl_reneg | openvpn_as_cs_tls_version_min | openvpn_as_host_name | openvpn_as_iptables_append | openvpn_as_iptables_web | openvpn_as_iptables_vpn_disable_filter | openvpn_as_iptables_vpn_disable_mangle | openvpn_as_iptables_vpn_disable_nat | openvpn_as_sa_company_name | openvpn_as_sa_logo_image_file | openvpn_as_sa_show_c2s_routes | openvpn_as_sa_ssl_lib | openvpn_as_vpn_client_config_directives | openvpn_as_vpn_client_routing_inter_client | openvpn_as_vpn_client_routing_reroute_dns | openvpn_as_vpn_client_routing_reroute_gw | openvpn_as_vpn_client_routing_super | openvpn_as_vpn_daemons | openvpn_as_vpn_general_osi_layer | openvpn_as_vpn_server_config_directives | openvpn_as_vpn_server_daemon_enable | openvpn_as_vpn_server_daemon_tcp_port | openvpn_as_vpn_server_daemon_udp_port | openvpn_as_vpn_server_dhcp_option_a | openvpn_as_vpn_server_dhcp_option_dns_0 | openvpn_as_vpn_server_dhcp_option_dns_1 | openvpn_as_vpn_server_dhcp_option_domains | openvpn_as_vpn_server_duplicate_cn | openvpn_as_vpn_server_google_auth_enable | openvpn_as_vpn_server_group_pool | openvpn_as_vpn_server_routing_allow | openvpn_as_vpn_server_routing_gateway_access | openvpn_as_vpn_server_routing_private_access | openvpn_as_vpn_server_routing_private_networks | openvpn_as_vpn_server_routing_routed_subnets | openvpn_as_vpn_server_static_netmask_bits | openvpn_as_vpn_server_static_network | openvpn_as_vpn_server_tls_version_min | openvpn_as_vpn_tls_refresh_interval | openvpn_as_xmlrpc_relay_level | Default | Description | ———————————————|:———————————————————————————————————————————————————————————————————————-|:————————————————————————————————————————————————————-| | 2.1.2 | Version of OpenVPN Access Server to install | | d9d539e7a497ed36a15100a8f24e4fcb42b98581bfc5d79e0bb07b7e4c4a608b | SHA 256 sum of Ubuntu Trusty package | | f00cf38d9fb51beb66ddb9d67b508952d9170b6d94e821465a09d58fb14ce475 | SHA 256 sum of Ubuntu Xenial package | | $6$j8B0A1aiU$53BF5A6qO74IDJWTDqgaafnBar1c.LOKK7sdBxwXJY/K/I/XUFAWNsfm78dI9YBDPTHJlmaZoE.QFg.3DEobO1 (openvpn) | Password for openvpn admin user | | “{{ ansible_default_ipv4.interface }}” | The IP address for the Admin Web Server | | 943 | The port for the Admin Web Server | | true | Enable AS Connect functionality | | false | Restrict Client Web Server access to Access Server administrators | | true | If enabled, automatically generate a client configuration when a client logs into the site and successfully authenticates | | true | Offer Android client | | true | Offer autologin profile | | true | Offer iOS client | | true | Offer Linux client | | true | Offer Mac OS X client | | false | Offer server-locked profile | | true | Offer user-locked profile | | true | Offer Windows client | | “{{ ansible_default_ipv4.interface }}” | The IP address for the Client Web Server | | 943 | The port for the Client Web Server | | false | Support SSL/TLS renegotiation | | 1.0 | Minimum SSL/TLS protocol version accepted by Access Server web server (default, ssl2, ssl3, 1.0, 1.1, 1.2) | | “{{ ansible_default_ipv4.address }}” | Hostname or IP address of VPN server | | false | Append OpenVPN Access server rules instead of prepending | | true | If true, open up web ports on the firewall using iptables | | false | Disable OpenAccess server from modifying iptables filter rules | | false | Disable OpenAccess server from modifying iptables mangle rules | | false | Disable OpenAccess server from modifying iptables nat rules | | OpenVPN Technologies, Inc. | The company name will be shown in the UI | | '' | Path to custom logo image file | | true | Enable client gateway | | openssl | SSL library to use (openssl or polarssl) | | [] | Additional OpenVPN client config directives | | false | Enable or disable packet routing between clients | | false | Push DNS servers to clients | | false | Re-route all client traffic through the VPN | user_c2c_access | false | Allow VPN users with Administrator privilege to access all VPN client IP addresses | | [{client_netmask_bits: 20, client_network: 172.27.224.0, listen_ip_address: “{{ ansible_default_ipv4.interface }}“, listen_port: 443, listen_protocol: tcp, server_ip_address: “{{ ansible_default_ipv4.address }}“}] | VPN server network settings | | 3 | VPN tunneling topology (2: Layer 2 ethernet bridging, 3: Layer 3 routing/NAT) | | [] | Additional OpenVPN server config directives | | true | Enable VPN server daemon | | 943 | VPN server TCP port | | 1194 | VPN server UDP port | dapter_domain_suffix | '' | Setting a default suffix will enable Windows clients to resolve host names to FQDN names | | '' | Primary DNS server to push to clients | | '' | Secondary DNS server to push to clients | | [] | List of internal domains that clients will resolve through the AS-pushed DNS server(s) | | true | Allow multiple concurrent VPN connections for a user | | false | Require that users provide a Google Authenticator one-time password for every VPN login | | ['172.27.240.0/20'] | When a group does not have a specific Dynamic IP Address pool setting, the dynamic IP address pool for the group will be allocated from this list of subnets | _private_nets_to_clients | true | Allow access from private subnets to all VPN client IP addresses and subnets | | true | Allow clients to access network services on the VPN gateway IP address | | nat | Allow VPN clients access to private subnets (non-public networks on the server side) (no, nat, route) | | [] | List of private subnets that all clients should have access to | | [] | List of private subnets which should be reachable via routing instead of NAT | | 24 | Number of bits in static netmask | | '' | Any static VPN IP addresses specified for particular users must be within this network | | default | Minimum TLS protocol version accepted by OpenVPN server (default, 1.0, 1.1 or 1.2) | | 360 | TLS sessions are re-negotiated at this specified interval (in minutes) | | 1 | XML-RPC/REST API (0: Disable API, 1: Enable limited API, 2: Enable complete API) |

Dependencies

None

Example Playbook

Install OpenVPN Access Server

sts: all
les:
- kbrebanov.openvpn_as

License

BSD

Author Information

Kevin Brebanov

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.